Gabrielle Viala
Gabrielle is a reverse engineer at Quarkslab. Her main areas of interest are Windows internals and UEFI components.
Sessions
07-03
15:25
35min
For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation
Gabrielle Viala
EDK II is the public implementation of UEFI on which a large part of OEMs rely to craft their own firmware. If a vulnerability were found in this project, it could become a huge problem, as it could impact many devices. Or... it could be unimpressive and go totally unnoticed because nobody cares. ¯\_(ツ)_/¯
In this talk, we'll present a bug in EDK II which is difficult to leverage in real life but still quite fun to attack.
We'll see how we can build a complete exploit solely based on the mechanisms that are present in the public implementation and how we can gain arbitrary code execution in SMM thanks to that.
Boot Security
Amphitheater